IN THE CLAIMS 

All currently pending claims have been reproduced below. No claims are presently 
added or amended. 

1. (original) A login method comprising 

processing a login token, if provided, during a login attempt, wherein the login 
attempt is impermissible, and thus unsuccessful, if the login attempt 
occurs before expiration of a first period of time following an 
unsuccessful login attempt associated with said login token; and 

providing an updated login token in response to the login attempt, wherein the 
updated login token does not permit a subsequent login attempt before 
expiration of a second period of time if the login attempt is 
unsuccessful. 

2. (original) The login method of claim 1, further comprising maintaining a login- 
attempt successor indicator, said login-attempt successor indicator indicating whether the 
login attempt is successful, said login-attempt successor indicator being referenced during the 
subsequent login attempt 

3. (original) The login method of claim 2, further comprising including in the 
updated login token an attempt successor indicator, said attempt success indicator indicating 
whether the login attempt is successful, said attempt successor indicator being referenced 
during the subsequent login attempt. 
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4. (original) The login method of claim 3, wherein the login-attempt success 
indicator is a login class, wherein the login class is first-class if the login attempt is successful. 

5. (original) The login method of claim 1, further comprising maintaining a time 
stamp, said time stamp corresponding to the second period of time. 

6. (original) The login method of claim 1, further comprising inserting in the 
updated login token a time stamp, said time stamp corresponding to the second period of time. 

7. (original) The login method of claim 1, further comprising maintaining an 
account identifier, said account identifier corresponding to an account that is the subject of the 
login attempt, wherein the subsequent login attempt is impermissible if an account that is the 
subject or the subsequent login attempt does not correspond to the account identifier. 

8. (original) The login method of claim 1, further comprising inserting in the 
updated login token an account identifier, said account identifier corresponding to an account 
that is the subject of the login attempt, wherein the subsequent login attempt is impermissible 
if an account that is the subject of the subsequent login attempt does not correspond to the 
account identifier. 

9. (original) The login method of claim 1, further comprising maintaining a 
network address identifier, said network address identifier corresponding to a network address 
from which the login attempt originates, wherein the subsequent login attempt is impermissible 
if a network address from which the subsequent login attempt originates does not correspond 
to the network address identifier. 
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10. (original) The login method of claim 1, further comprising inserting in the 
updated login token a network address identifier, said network address identifier 
corresponding to a network address from which the login attempt originates, wherein the 
subsequent login attempt is impermissible if a network address from which the subsequent 
login attempt originates does not correspond to the network address identifier. 

1 1 . (original) The login method of claim 1, further comprising maintaining a 
password identifier, said password identifier corresponding to a password submitted with the 
login attempt, wherein the subsequent login attempt is impermissible if a password submitted 
with the subsequent login attempt does not correspond to the password identifier. 

12. (original) The login method of claim 1, further comprising inserting in the 
updated login token a password identifier, said password identifier corresponding to a 
password submitted with the login attempt, wherein the subsequent login attempt is 
impermissible if a password submitted with the subsequent login attempt does not correspond 
t the password identifier. 

13. (original) The login method of claim 1, further comprising inserting in the 
updated login token a validity stamp, said validity stamp designed to prevent the use of an 
invalid login token, wherein the login attempt is impermissible if the login token does not 
include a valid validity stamp. 

14. (original) The login method of claim 1, further comprising inserting in the 
updated login token a nonce, said nonce designed to prevent the reuse of an otherwise valid 
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login token, wherein the login attempt is impermissible if the login token does include a nonce 
used in a prior login attempt. 

15. (original) The login method of claim 1, further comprising maintaining a count 
of unsuccessful login attempts. 

16. (original) The login method of claim 15, further comprising incrementing the 
count of the login attempt is impermissible. 

17. (original) The login method of claim 15, further comprising incrementing the 
court if the login attempt is permissible but otherwise unsuccessful. 

18. (original) The login method of claim 15, further comprising selecting the 
second period of time by reference to the court, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold. 

19. (original) The login method of claim 15, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold within a third period of 
time. 

20. (original) The login method of claim 1, wherein the login attempt is 
impermissible if the login token is not provided during the login attempt. 
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21 . (original) The login method of claim 1, wherein maintaining a count of 
unsuccessful login attempts to login with a password. 

22. (original) The login method of claim 21, further comprising incrementing the 
count if the login attempt is impermissible and is made with the password. 

23. (original) The login method of claim 21, further comprising incrementing the 
count if the login attempt is permissible but otherwise unsuccessful and is made with the 
password. 

24. (original) The login method of claim 21, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold and the login attempt is 
made with the password. 

25. (original) The login method of claim 21, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold within a third period of 
time and the login attempt is made with the password. 

26. (original) The login method of claim 21, wherein the second period of time is 
not increased as the count increases unless each of the defined number of unsuccessful login 
attempts t login with the password occur within a third period of time. 
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27. (original) The login method of claim 21, further comprising invalidating the 
subsequent login attempt if the count equals a predefined threshold and the password is 
submitted with the subsequent login attempt. 

28. (original) The login method of claim 1, further comprising maintaining a count 
of unsuccessful login attempts to login with a user name 

29. (original) The login methof of claim 28, further comprising incrementing the 
count if the login attempt is impermissible. 

30. (original) The login method of claim 28, further comprising incrementing the 
count if the login attempt is permissible but otherwise unsuccessful. 

3 1 . (original) The login method of claim 28, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold and the login attempt is 
made with the user name. 

32. (original) The login method of claim 28, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold within a third period of 
time and the login attempt is made with the user name. 
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33 . (original) The login method of claim 28, wherein the second period of time is 
not increased as the count increases unless each of the defined number of unsuccessful login 
attempts to login with the user name occur within a third period of time. 

34. (original) The login method of claim 28, further comprising invalidating the 
subsequent login attempt if the count equals a predefined thresholdl and the user name is 
submitted with the subsequent login attempt. 

35. (original) The login method of claim 1, further comprising maintaining a count 
of unsuccessful login attempts to login from a network address. 

36. (original) The login method of claim 35, further comprising incrementing the 
count if the login attempt is impermissible and made from the network address. 

37. (original) The login method of claim 35, further comprising incrementing the 
count if the login attempt is permissible but otherwise unsuccessful and made from the 
network address. 

38. (original) The login method of claim 35, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
than it otherwise would be if the count reaches a predefined threshold and the login attempt is 
made from the network address. 

39. (original) The login method of claim 35, further comprising selecting the 
second period of time by reference to the count, wherein the second period of time is longer 
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than it otherwise would be if the count reaches a predefined threshold within a third period of 
time and the login attempt is made from the network address. 

40. (original) The login method of claim 35, wherein the second period of time is 
not increased as the count increases unless each of the defined number of unsuccessful login 
attempts to login from the network address occur within a third period of time. 

41 . (original) The login method of claim 35, further comprising invalidating the 
subsequent login attempt if the count equals a predefined threshold and the subsequent login 
attempt is made from the network address. 

42. (original) The login method of claim 1, wherein 

the second period of time is a first length if the login attempt is one in a series 
of unsuccessful login attempts associated with the login token, which 
follow a successful attempt associated with the login token, if the series 
of unsuccessful login attempts does not include more than a predefined 
number unsuccessful login attempts; 

the second period of time is a second length if the login attempt is one in a 
series of unsuccessful login attempts associated with the login token, 
which follow a successful attempt associated with the login token, if the 
series of unsuccessful login attempts includes the predefined number 
unsuccessful login attempts; 

the second period of time is a third length if the login attempt does not follow a 
successful attempt associated with the login token, said third length 
exceeding the first length; and 
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the second period of time is a fourth length if the login token is not provided 
during the login attempt, said fourth length exceeding the first length. 

43. (original) The login method of claim 1, further comprising processing a second 
login token, if provided, during a second login attempt, wherein the login cookie provided in 
response to the second login attempt does not permit a subsequent login attempt at least until 
the second period of time has expired twice since the login attempt. 

44. (original) A login method comprising 

processing a login attempt to determine whether the login attempt is successful, 
said login attempt being successful if permissible and submitted with a 
valid user name and password combination; 

providing a first-class login token if the login attempt is successful, said first- 
class login token permitting a predefined number of unsuccessful login 
attempts without imposing more than a first time delay between each of 
said unsuccessful login attempts; 

providing a second-class login token if the login attempt is unsuccessful and a 
login token submitted with the login request is second-class, wherein a 
subsequent login attempt made with said second-class login token is not 
permissible if submitted prior to expiration of a second time delay, said 
second time delay exceeding said first time delay; 

providing the second-class login token if the login attempt is unsuccessful and 
is the last of a series of unsuccessful login attempts associated with a 
first-class login token, said series including more than the predefined 
number of unsuccessful login attempts; and 
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providing the second-class login token if a login token is not submitted with the 
login attempt, said login attempt not being permissible. 

45. (original) The login method of claim 44, wherein the login attempt is not 
permissible if a login token submitted with said login attempt is invalid. 

46. (original) The login method of claim 44, wherein the login attempt is not 
permissible if said login attempt is made prior to expiration of a time delay associated with a 
login token submitted with said login attempt. 

47. (original) A computer program product for use in conjunction with a computer 
system, the computer program product comprising a computer readable storage medium and a 
computer program mechanism embedded therein, the computer program mechanism 
comprising: 

instructions for processing a login attempt to determine whether the login 

attempt is successful, said login attempt being successful if permissible 
and submitted with a valid user name and password combination; 

instructions for providing a first-class login token if the login attempt is 

successful, said first-class login token permitting a predefined number 
of unsuccessful login attempts without imposing more than a first time 
delay between each of said unsuccessful login attempts; 

instructions for providing a second-class login token if the login attempt is 
unsuccessful and a login token submitted with the login request is 
second-class, wherein a subsequent login attempt made with said 
second-class login token is not permissible if submitted prior to 
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expiration of a second time delay, said second time delay exceeding said 
first time delay; 

instructions for providing the second-class login token if the login attempt is 
unsuccessful and is the last of a series of unsuccessful login attempts 
associated with a first-class login token, said series including more than 
the predefined number of unsuccessful login attempts; and 

instructions for providing the second-class login token if a login token is not 
submitted with the login attempt, said login attempt not being 
permissible. 

48. (original) A computer program product for use in conjunction with a computer 
system, the computer program product comprising a computer readable storage medium and a 
computer program mechanism embedded therein, the computer program mechanism 
comprising: 

instructions for processing a login token, if provided, during an attempt to 
login, wherein the login attempt is impermissible if the login attempt 
occurs before expiration of a first period of time following an 
unsuccessful login attempt associated with said login token; and 

instructions for providing an updated login token in response to the login 

attempt, wherein the updated login token does not permit a subsequent 
login attempt before expiration a second period of time if the login 
attempt is impermissible. 

49. (original) A computer system for processing login requests, comprising: 



13 



a first-class login server and a second-class login server, said first-class login 
server and said second-class login server each including a storage unit 
and a processor, said storage unit configured to store login information, 
said processor configured to process login requests with reference to 
said login information; 

the first-class login server and the second-class login server each configured to 
process a login attempt to determine whether the login attempt is 
successful, said login attempt being successful if permissible and 
submitted with a valid user name and password combination; 

the first-class login server configured to process login attempts made with a 
first-class login token and the second-class login server configured to 
process login attempts made with a second-class login token; 

the first-class login server and the second-class login server each further 

configured to provide a first-class login token if the login attempt is 
successful, said first-class login token permitting a predefined number 
of unsuccessful login attempts without imposing more than a first time 
delay between each of said unsuccessful login attempts; 

the second-class login server further configured to provide a second-class login 
token if the login attempt is unsuccessful, wherein a subsequent login 
attempt made with said second-class login token is impermissible if 
submitted prior to expiration of a second time delay, said second time 
delay exceeding said first time delay; and 

the first-class login server further configured to provide a second-class login 
token if the login attempt is unsuccessful and the login attempt is the 
last of a series of unsuccessful login attempts associated with a specific 
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first-class login token, said series including more than the predefined 
number of unsuccessful login attempts. 

50. (original) The computer system of claim 49, wherein the second-class login 
server is further configured to serially process login attempts. 

5 1 . (original) The computer system of claim 50, wherein the second-class server is 
further configured to process login attempts at a defined rate. 

52. (original) The computer system of claim 51, wherein the second-class server is 
further configured to decrease the defined rate in response to an occurrence of a set of 
unsuccessful login attempts. 

53 (original) The computer system of claim 51, wherein the second-class server is 
further configured to decrease the defined rate if a defined number of unsuccessful login 
attempts occur during a defined period of time. 

54. (original) The computer system of claim 53, wherein the second-class server is 
further configured to increase the defined rate if the defined number of unsuccessful login 
attempts do not occur during the defined period of time. 

55. (original) The computer system of claim 49, wherein the first-class login server 
is the default login server such that all login attempts are initially processed by said first-class 
login server, which is configured to redirect login attempts made with a second-class login 
token to the second-class login server. 
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